admin and user login

Question

issaru07 0 Light Poster

12 Years Ago

been stuck this for the whole day.. need to seek advice from u guys.. it dont seems to work if i login as normal user... but if i log in as admin, it will redirect me to admin-index.php correctly.

<?php 

// Array for recording errors:
$login_errors = array();

// Validate the email address:
if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
	$e = mysqli_real_escape_string ($dbc, $_POST['email']);
} else {
	$login_errors['email'] = 'Please enter a valid email address!';
}

// Validate the password:
if (!empty($_POST['pass'])) {
	$p = mysqli_real_escape_string ($dbc, $_POST['pass']);
} else {
	$login_errors['pass'] = 'Please enter your password!';
}


	
if (empty($login_errors)) { // OK to proceed!



	// Query the database:
//	$q = "SELECT email, password FROM members1 WHERE (email='$e' AND password='$p')";		
	//$q = "SELECT userid, email, firstname, lastname, password FROM members2 WHERE (email='$e' AND password='$p')";	
	$q = "SELECT * FROM members2 WHERE (email='$e' AND admin='1' AND password='$p')";	
	$q2 = "SELECT * FROM members2 WHERE (email='$e' AND admin='0' AND password='$p')";	
		

	$r = mysqli_query ($dbc, $q);
		$r2 = mysqli_query ($dbc, $q2);

			
//$objQuery = mysql_query($q) or die ("Error Query [".$q."]");
	//$r2 = mysqli_query ($dbc, $q2);
	
	if (mysqli_num_rows($r) == 1)   { // A match was made.		
		// Get the data:
		//header('Location: welcome.php');
		
		$welcomepage2 = "admin-index.php";
		
		echo '<script language="javascript" type="text/javascript">window.location.href="'.$welcomepage2.'";</script>';
		
		$row = mysqli_fetch_array ($r, MYSQLI_NUM); 
	$lastname = $row['lastname'];
		$_SESSION['lastname'] = $lastname;			
		$_SESSION['email'] = $_POST['email'];
	
	//session_register("lastname", $lastname); 
	} 
	
	
		
	if (mysqli_num_rows($r) == 1)   { // A match was made.		
		// Get the data:
		//header('Location: welcome.php');
		
		$welcomepage = "welcome.php";
		
		echo '<script language="javascript" type="text/javascript">window.location.href="'.$welcomepage.'";</script>';
		
		$row = mysqli_fetch_array ($r, MYSQLI_NUM); 
	$lastname = $row['lastname'];
		$_SESSION['lastname'] = $lastname;			
		$_SESSION['email'] = $_POST['email'];
	
	//session_register("lastname", $lastname); 
	} 
	

	
	else { // No match was made.
		$login_errors['login'] = 'The email address and password do not match those on file.';
	}
	
} // End of $login_errors IF.

// Omit the closing PHP tag to avoid 'headers already sent' errors!

php

2 Contributors
1 Reply
138 Views
6 Hours Discussion Span
Latest Post 12 Years Ago Latest Post by simplypixie

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

simplypixie 123 Posting Pro in Training · Answer 1 · 2012-01-18T23:15:52+00:00

Your code needs tidying up (you don't need 2 queries, just one and then check what value the admin is and use that in an if statement to redirect appropriately. However, looking at what you have you are looking for the number of rows the using the same result so in line 58 it should be

if (mysqli_num_rows($r2) == 1)   {